Microsoft Entra ID data that Druva protects | Druva

Here’s the detailed information on each Microsoft Entra ID entity and its attributes that Druva protects.

Entity	Attributes
Tenant Settings	Object ID Security Defaults Enabled Workload License Company Branding Organization
User	User principal name First name Display name Last name User type Created date time Last password change date time Sign in sessions valid from date time Sign in sessions valid from date time Account enabled City Preferred data location IM addresses Consent provided for minor On-premises sync enabled On-premises SAM account name Mobile phone Employee ID Job title Email Mail nickname Object ID Password profile Employee org data Manager Company name proxy addresses On-premises domain name Business phone on Premises Provisioning Errors ZIP or postal code Age group On-premises user principal name Authorization info Department Fax number Office location Street address On-premises distinguished name State or province Country or region identities Extension attributes External user state change date time Other emails On-premises last sync date time Usage location Legal age group classification Employee hire date Creation type Assigned licenses External user state On-premises immutable ID On-premises security identifier Employee type Preferred language Group Membership Group Ownership Assigned Roles Enterprise Application Membership Enterprise Application Ownership App Registrations Devices Administrative Units Eligible Assignments Role Name Scope (Scope Type) Membership Start Time End Time Active Assignments Role Name Scope (Scope Type) Membership Start Time End Time
User setting (User features, external collaboration settings)	@odata.context Object ID Who can invite external users to the organization Allow to signup for email based subscriptions Allow to use Self-Service Password Reset feature on the tenant Allow email verified Users to join organization User consent for risky apps is allowed Disable the use of MSOL PowerShell Display name Description Guest user access restrictions Default user role permissions
Group	Name Group Type Email Created at Description Aliases Mail Enabled Renewed Date Security Enabled Security Identifier Visibility Microsoft Entra roles can be assigned to group Object ID Membership Rule Deleted Date time Preferred Data Location Expiration Date Resource Provisioning Options Theme Membership Rule Processing State Resource Behavior Options Sensitivity Label Preferred Language Members Owners Roles and Administrator Applications Administrative Units Eligible Assignments Role Name Scope (Scope Type) Membership Start Time End Time Active Assignments Role Name Scope (Scope Type) Membership Start Time End Time
Group setting	Object ID Group settings Security groups
Roles	Description Display Name Is Built-ln Is Enabled resource Scopes Template Id Version Object ID Role Permissions inheritsPermissionsFrom@odata.context inherits Permissions From Assignment Principal Name Type Scope (Scope Type) Membership Start Time End Time Settings Activation Assignment Notify when members assigned as eligible to this role Role assignment alert Default recipients Additional recipients Critical emails only Notification to the assigned user (assignee) Default recipients Additional recipients Critical emails only Request to approve a role assignment renewal/extend Default recipients Additional recipients Critical emails only Notify when members assigned as active to this role Role assignment alert Default recipients Additional recipients Critical emails only
Enterprise applications	Enabled for users to sign-in? Display name exposed by associated application Application ID Tenant ID Assignment required Logout Urls Name Homepage URL Created On The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application tags Object ID permissions Description of associated application Alternative names Notes Owners Roles and Administrator Users and Groups Group Membership Eligible Assignments Role Name Scope (Scope Type) Membership Start Time End Time Active Assignments Role Name Scope (Scope Type) Membership Start Time End Time
App Registrations	Display name Application ID Created On Application ID URL Supported Account Types Object ID required Resource Access optional Claims Apis Web Redirection URLs Spa Redirection URLs App Roles Directory ID group Membership Claims service Management Reference Federated credentials public Client Redirection URLs info Client Secrets tags notes Certificates Owners Roles and administrator
Device (View/Download)	Name Enabled OS Version Join Type Physical ID Created At Registered Last Sign In Date Device ID Roles and Administrator Owners Group Membership Administrative Units
Device setting	Users may attach devices with Azure AD Users may register their devices with Azure AD Require multi-factor authentication to register or attach devices with Azure AD Maximum number of devices per user Enable Azure AD LAPS Restrict users from recover BitLocker keys of their owned devices
Administrative Units	Display Name Is Member Management Restricted Visibility Object ID Membership Rule Membership Rule Processing State Membership Type Deleted Date Time Description Members (Users, Groups, Devices) Roles and Administrators
Conditional Access Policies	Attributes Name Policy ID Template ID Policy creation date Policy modification date State partial Enablement Strategy session Controls Users Include list Exclude list Groups Include list Exclude list Conditions User Risk Sign-in Risk Insider Risk Risk Client Apps Device Platform Include list Exclude list Location Include list Exclude list Filter for Device Include list Exclude list Access Control Grant Access Require multifactor authentication Require authentication strength Require device to be marked as compliant Require Microsoft Entra hybrid joined device Require approved client app Require app protection policy Require password change Session Use Conditional Access App Control Sign-in frequency Persistent browser session Customize continuous access evaluation Disable resilience defaults Require token protection for sign-in sessions

📝NOTE: Privilege Identity Management (PIM) settings backup and restore is available exclusively for tenants licensed with Microsoft Entra ID P2. PIM-related properties are surfaced in the Druva UI for all customers; however, actual backup and restore operations are scoped to P2-licensed tenants only.

For tenants without a P2-equivalent license, PIM objects will appear in the UI but will be excluded from backup and restore workflows.

Permissions required for Microsoft Entra ID

Introduction to Microsoft Entra ID Data Protection

Restore your Microsoft Entra ID data

Release Notes - Microsoft Entra ID

Okta Data that Druva Protects